rs32net removed, something was left behind, HJT

Thread in the Viruses and malware - HijackThis logs section. Thread started by JaPeVu on 13.01.2009.

  1. Hujo

    Hujo Guest

    Now run a new Kaspersky Online Scanner scan.
     
  3. JaPeVu

    JaPeVu Regular member

    Joined:
    30.09.2004
    Messages:
    198
    Thanks:
    0
    Points:
    26
    I just ran CCleaner and it refuses to remove these.
    I'll set Kaspersky running; that will take a few hours.

    Root Registry key Modified String value File/path reference
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders 2009-01-15 03:52:35 C:\Windows\PCHEALTH\ERRORREP\QHEADLES\ 1
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders 2009-01-15 03:52:35 C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\ 1
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\Folders 2009-01-15 03:52:35 C:\Windows\PCHEALTH\ERRORREP\QHEADLES\ 1
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Installer\Folders 2009-01-15 03:52:35 C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\ 1
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows Search\Databases\Windows 2009-01-13 14:59:30 LogPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows 2009-01-13 18:44:11 ApplicationPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows Search\Databases\Windows 2009-01-13 14:59:30 LogPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows Search\Gathering Manager\Applications\Windows 2009-01-13 18:44:11 ApplicationPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows 2009-01-13 18:44:11 GatherLogsPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows Search\Gathering Manager\Applications\Windows 2009-01-13 18:44:11 GatherLogsPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows 2009-01-13 18:44:11 DefaultProjectPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows Search\Gathering Manager\Applications\Windows 2009-01-13 18:44:11 DefaultProjectPath C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex 2009-01-13 15:00:07 WorkingDirectory C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows Search\Gathering Manager\Applications\Windows\Projects\SystemIndex 2009-01-13 15:00:07 WorkingDirectory C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows Search\Databases\Windows 2009-01-13 14:59:30 FileName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows Search\Databases\Windows 2009-01-13 14:59:30 FileName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout 2007-10-13 15:25:31 LayoutFilePath C:\Windows\Prefetch\Layout.ini
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\OptimalLayout 2007-10-13 15:25:31 LayoutFilePath C:\Windows\Prefetch\Layout.ini
    HKEY_USERS .DEFAULT\Software\Microsoft\GDIPlus 2007-10-13 10:39:20 FontCachePath C:\Windows\system32\config\systemprofile\AppData\Local
    HKEY_USERS S-1-5-18\Software\Microsoft\GDIPlus 2007-10-13 10:39:20 FontCachePath C:\Windows\system32\config\systemprofile\AppData\Local
    HKEY_USERS .DEFAULT\Software\Nokia\MPlatform\DataStores\c:_windows_system32_config_system~1_appdata_local_nokia_nokiad~1_ 2009-01-15 18:58:00 DatastorePath c:\windows\system32\config\system~1\appdata\local\nokia\nokiad~1\
    HKEY_USERS S-1-5-18\Software\Nokia\MPlatform\DataStores\c:_windows_system32_config_system~1_appdata_local_nokia_nokiad~1_ 2009-01-15 18:58:00 DatastorePath c:\windows\system32\config\system~1\appdata\local\nokia\nokiad~1\
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers 2009-01-12 19:50:56 DefaultSpoolDirectory C:\Windows\system32\spool\PRINTERS
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Print\Printers 2009-01-12 19:50:56 DefaultSpoolDirectory C:\Windows\system32\spool\PRINTERS
    HKEY_USERS S-1-5-21-462796423-2149648816-2056817671-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers 2009-01-13 19:27:28 C:\Users\jani\Desktop\HJTInstall.exe WINXPSP2
    HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers 2009-01-13 19:27:28 C:\Users\jani\Desktop\HJTInstall.exe WINXPSP2
     
  4. Hujo

    Hujo Guest

    Yeah, just go ahead and remove all of them.
     
  5. JaPeVu

    JaPeVu Regular member

    CCleaner won't remove those no matter what. 26 files are left hanging.

    Friday, January 16, 2009
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, January 16, 2009 02:06:27
    Records in database: 1628582
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    Scan statistics
    Files scanned 234586
    Threat name 0
    Infected objects 0
    Suspicious objects 0
    Duration of the scan 08:36:47

    No malware has been detected. The scan area is clean.
    The selected area was scanned.
     
  6. Hujo

    Hujo Guest

    At least according to Kaspersky it has come out clean.

    =======================

    Download Atribune's ATF Cleaner

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, select: Select All
    Click the Empty Selected button.
    If you use Firefox as your browser, click Firefox at the top and select: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and select: Select All
    Click the Empty Selected button again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)
     
  7. JaPeVu

    JaPeVu Regular member

    ATF Cleaner, done

    Something odd is still going on..
    - Security Center won't turn on. I set it to automatic in Services, and a moment later it is disabled.
    - "Use User Account Control to help protect your computer" is not ticked and yet it is on, and even if I tick it, the setting is not remembered.
    - DC++: I enter my nickname and other details, and when I close the program and start it again it has forgotten everything and I have to enter the details again.
     
  8. Hujo

    Hujo Guest

    Scan a new HJT log.
     
  9. JaPeVu

    JaPeVu Regular member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:45, on 2009-01-16
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telkku.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.inet.fi:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
    O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe

    --
    End of file - 5623 bytes
     
  10. Hujo

    Hujo Guest

    Make sure real-time protection is not on there.
    Turn Windows Defender off.
    And don't turn it on.

    Open Windows Defender.
    Click Tools and General Settings.
    Scroll down and untick Turn on real-time protection (recommended).
    After that, click Save and close Windows Defender.
     
  11. JaPeVu

    JaPeVu Regular member

    Defender is/was off; I still did it according to your instructions. No change.
     
    Last edited: 16.01.2009
  12. Hujo

    Hujo Guest

    1. Download Combofix.exe to your desktop from one of the links:
    Combofix1
    Combofix2

    2. Double-click the Combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.

    So that one won't start working either
     
  13. JaPeVu

    JaPeVu Regular member

    Palvelua Tietoturvakeskus kohteessa Paikallinen tietokone ei voitu käynnistää
    Virhe 1079: Palvelun käyttämiseen määritetty tili ei ole sama kuin muille samassa prosessissa suoritettaville palveluille on maaritetty tili

    I tried this:
    http://keskustelu.afterdawn.com/thread_view.cfm/602818
     
    Last edited: 16.01.2009
  14. JaPeVu

    JaPeVu Regular member

    ComboFix won't start
    RomboFix starts --> ComboFix has detected the presence of a rootkit and will restart
     
    Last edited: 16.01.2009
  15. Hujo

    Hujo Guest

    Uninstall via Add/Remove Programs:

    Spyware Doctor

    Delete the folder in Safe Mode:

    C:\Program Files\Spyware Doctor

    ==============

    Download GMER and save it to your desktop:

    - Extract it to the desktop and double-click the file GMER.exe
    - Click the Rootkit tab and then click Scan.
    - Do not tick the "Show All" box during the scan!
    - When the scan is finished, click Copy.
    - This copies the log to the clipboard (you can save the log to a text file just to be safe).
    - Then paste the log into your thread
     
    Last edited by a moderator: 16.01.2009
  16. JaPeVu

    JaPeVu Regular member

    C:\Program Files\Spyware Doctor
    It was not deleted in Safe Mode. I just got a message: try again

    GMER would not install
    I renamed it to MER and then it started running.. Odd?

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2009-01-16 19:08:22
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.14 ----

    Code 869B9328 ZwEnumerateKey
    Code 869EA460 ZwFlushInstructionCache
    Code 869EE2CD IofCallDriver

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!IofCallDriver 820F7F6F 5 Bytes JMP 869EE2D2
    PAGE ntkrnlpa.exe!ZwFlushInstructionCache 821EE30B 5 Bytes JMP 869EA464
    PAGE ntkrnlpa.exe!ZwEnumerateKey 82243BB4 5 Bytes JMP 869B932C
    ? C:\Windows\System32\Drivers\sptd.sys Prosessi ei voi käyttää tiedostoa, koska se on toisen prosessin käytössä.
    .text USBPORT.SYS!DllUnload 8A1BC46F 5 Bytes JMP 86531770
    ? System32\Drivers\acpfa7as.SYS Määritettyä polkua ei löydy. !

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxIndirectParamW 773CBD25 5 Bytes JMP 6F8A5BF3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxParamW 773E1FD5 5 Bytes JMP 6F8A5B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxParamA 774080B2 5 Bytes JMP 6F8A5BB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxIndirectParamA 774083DD 5 Bytes JMP 6F8A5C2E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxIndirectA 7741D471 5 Bytes JMP 6F8A5B39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxIndirectW 7741D56B 5 Bytes JMP 6F8A5AF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxExA 7741D5D1 5 Bytes JMP 6F8A5ABB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxExW 7741D5F5 5 Bytes JMP 6F8A5A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068D61E] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068CAD4] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068D748] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068CB9C] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068CC1A] \SystemRoot\System32\Drivers\sptd.sys

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\Windows\system32\services.exe[628] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00240002
    IAT C:\Windows\system32\services.exe[628] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00240000
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740A7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740E98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740AD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7409F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740A7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7409E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740DB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740AD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740A012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740A0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740971F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7412D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740C75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7409DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7409668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740966BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2392] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740A1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 84B131E8
    Device \FileSystem\fastfat \FatCdrom 870951E8
    Device \Driver\volmgr \Device\VolMgrControl 84B101E8
    Device \Driver\usbuhci \Device\USBPDO-0 865271E8
    Device \Driver\usbuhci \Device\USBPDO-1 865271E8
    Device \Driver\usbehci \Device\USBPDO-2 86556790
    Device \Driver\usbuhci \Device\USBPDO-3 865271E8
    Device \Driver\usbuhci \Device\USBPDO-4 865271E8

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBPDO-5 865271E8
    Device \Driver\usbehci \Device\USBPDO-6 86556790
    Device \Driver\USBSTOR \Device\00000070 86670790
    Device \Driver\volmgr \Device\HarddiskVolume1 84B101E8
    Device \Driver\USBSTOR \Device\00000071 86670790
    Device \Driver\volmgr \Device\HarddiskVolume2 84B101E8
    Device \Driver\cdrom \Device\CdRom0 865391E8
    Device \Driver\volmgr \Device\HarddiskVolume3 84B101E8
    Device \Driver\cdrom \Device\CdRom1 865391E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 84B121E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84B121E8
    Device \Driver\atapi \Device\Ide\IdePort0 84B121E8
    Device \Driver\atapi \Device\Ide\IdePort1 84B121E8
    Device \Driver\atapi \Device\Ide\IdePort2 84B121E8
    Device \Driver\atapi \Device\Ide\IdePort3 84B121E8
    Device \Driver\atapi \Device\Ide\IdePort4 84B121E8
    Device \Driver\atapi \Device\Ide\IdePort5 84B121E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-1 84B121E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-3 84B121E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-a 84B121E8
    Device \Driver\volmgr \Device\HarddiskVolume4 84B101E8
    Device \Driver\cdrom \Device\CdRom2 865391E8
    Device \Driver\netbt \Device\NetBT_Tcpip_{20CFECF5-C11D-438F-B66F-2DBD81400294} 86A341E8
    Device \Driver\volmgr \Device\HarddiskVolume5 84B101E8
    Device \Driver\netbt \Device\NetBt_Wins_Export 86A341E8
    Device \Driver\PCI_NTPNP3593 \Device\0000004f sptd.sys
    Device \Driver\iScsiPrt \Device\RaidPort0 86579620

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBFDO-0 865271E8
    Device \Driver\usbuhci \Device\USBFDO-1 865271E8
    Device \Driver\usbehci \Device\USBFDO-2 86556790
    Device \Driver\usbuhci \Device\USBFDO-3 865271E8
    Device \Driver\usbuhci \Device\USBFDO-4 865271E8
    Device \Driver\usbuhci \Device\USBFDO-5 865271E8
    Device \Driver\usbehci \Device\USBFDO-6 86556790
    Device \Driver\acpfa7as \Device\Scsi\acpfa7as1Port7Path0Target1Lun0 8656E718
    Device \Driver\acpfa7as \Device\Scsi\acpfa7as1 8656E718
    Device \Driver\acpfa7as \Device\Scsi\acpfa7as1Port7Path0Target0Lun0 8656E718
    Device \FileSystem\fastfat \Fat 870951E8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Modules - GMER 1.0.14 ----

    Module \systemroot\system32\drivers\UACtubqkqmp.sys (*** hidden *** ) 8EB23000-8EB36000 (77824 bytes)
    ---- Processes - GMER 1.0.14 ----

    Library \\?\globalroot\systemroot\system32\UACjscwnafr.dll (*** hidden *** ) @ C:\Windows\system32\PnkBstrA.exe [324] 0x008C0000
    Library \\?\globalroot\systemroot\system32\UACviptwxif.dll (*** hidden *** ) @ C:\Windows\system32\PnkBstrA.exe [324] 0x008D0000
    Library \\?\globalroot\systemroot\system32\UACjscwnafr.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [460] 0x00080000
    Library \\?\globalroot\systemroot\system32\UACviptwxif.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [460] 0x00090000
    Library \\?\globalroot\systemroot\system32\UACiprjpwir.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [460] 0x000A0000
    Library \\?\globalroot\systemroot\system32\UACjscwnafr.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [584] 0x00160000
    Library \\?\globalroot\systemroot\system32\UACviptwxif.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [584] 0x00170000
    Library \\?\globalroot\systemroot\system32\UACjscwnafr.dll (*** hidden *** ) @ C:\Windows\system32\wbem\unsecapp.exe [624] 0x00080000
    Library \\?\globalroot\systemroot\system32\UACviptwxif.dll (*** hidden *** ) @ C:\Windows\system32\wbem\unsecapp.exe [624] 0x00090000
    Library \\?\globalroot\systemroot\system32\UACjscwnafr.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [628] 0x00220000
    Library \\?\globalroot\systemroot\system32\UACviptwxif.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [628] 0x00230000
    Library \\?\globalroot\systemroot\system32\UACjscwnafr.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [660] 0x00110000
    Library \\?\globalroot\systemroot\system32\UACviptwxif.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [660] 0x00120000

    ---- Services - GMER 1.0.14 ----

    Service C:\Windows\system32\drivers\UACtubqkqmp.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0xDF 0xCC 0x09 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x64 0x0E 0x91 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0xFE 0xE9 0xD5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3E 0xBC 0xA3 0xCB ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtubqkqmp.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtubqkqmp.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACiprjpwir.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdwetbbrv.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcgxsxoue.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACjscwnafr.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACviptwxif.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACsncodxmq.log
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACiryhfoup.log
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACemecpism.log
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x82 0xDF 0xCC 0x09 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x64 0x0E 0x91 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0xFE 0xE9 0xD5 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x3E 0xBC 0xA3 0xCB ...
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtubqkqmp.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtubqkqmp.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACiprjpwir.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdwetbbrv.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcgxsxoue.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACjscwnafr.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACviptwxif.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACsncodxmq.log
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACiryhfoup.log
    Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACemecpism.log
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACtubqkqmp.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACtubqkqmp.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACiprjpwir.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACdwetbbrv.dat
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACcgxsxoue.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACjscwnafr.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACviptwxif.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACsncodxmq.log
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACiryhfoup.log
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACemecpism.log
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Janin kansio\Puhelin tiedostot\Pelit uudet\500 Games for Nokia\x2122 N95\F\FIFA 2009 Full Game + Crack\Setup\MIRCSYSTEMMODEM.exe 32

    ---- EOF - GMER 1.0.14 ----



     
  17. JaPeVu

    JaPeVu Regular member

    Looks like it will soon be time for format c:?
     
    Last edited: 16.01.2009
  18. Hujo

    Hujo Guest

    DAEMON Tools has apparently been on the machine.

    =============

    Download The Avenger (c)

    Click the Avenger.zip file to open it.
    Extract Avenger.exe to your desktop.

    Now open The Avenger.

    Make sure the Scan for rootkits box is checked.

    Click Execute.

    Post the resulting Notepad log here.
     
  19. JaPeVu

    JaPeVu Regular member

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.

    Hidden driver "UACd.sys" found!
    ImagePath: \systemroot\system32\drivers\UACtubqkqmp.sys
    Start Type: 1 (System)

    Rootkit scan completed.


    Completed script processing.

    *******************

    Finished! Terminate.
     
  20. Hujo

    Hujo Guest

    Copy all the text in the quote box below into an empty Notepad window (starting from Drives to delete):

    Now open The Avenger by double-clicking its icon on your desktop.

    Under "Script file to execute", select "Input Script Manually".
    Now click the magnifying glass icon, which opens a new window called "View/edit script".
    Paste the text you copied into Notepad into this window.
    Click Done.
    Now click the green light to start the script.
    Click "Yes" when the two warning boxes appear.

    It will restart your computer. (In cases where the script contains the "Drivers to Unload" command, Avenger restarts your computer twice.)
    During startup it briefly opens a black command window on your desktop; this is normal.

    ================

    Yes, it may come down to formatting as well.
    Since there was that filth in there, right down to the exes.
    Then you just coldly wipe every drive, right down to the USB stick, without fiddling with anything, if this doesn't get any better from here.
     
    Last edited by a moderator: 16.01.2009
  21. JaPeVu

    JaPeVu Regular member

    "Script file to execute" is nowhere to be found, and neither is "Input Script Manually". No green light either.
    Is it the same as load script/file/internet or input script here?
     
